Information Technology Security Trends to Watch in 2018

Information Security Trends To Be Aware Of In 2018

2017 was a banner year for information security breaches. More data was compromised in the first half of 2017 than 2016 saw all year. And with new threats on the horizon — think fileless malware, IoT ransomware and increasingly sophisticated phishing attacks — 2018 may prove just as dangerous for corporate networks. What does this mean for companies looking to shore up security and C-suite peace of mind? That it’s worth taking stock of both 2017 IT security trends and emerging 2018 concerns.

Trend 1: Ransomware

In 2017, ransomware attacks began leveraging a new resource: the Internet of Things (IoT). These always-connected devices are quickly becoming ubiquitous, but are often protected by minimal (or absent) security, allowing hackers to easily compromise hundreds or thousands of devices — the Mirai botnet is an excellent example.

2018 brings a shifting focus for ransomware attackers. With security teams improving their ability to detect traditional ransomware campaigns, expect attackers to leverage methods such as fileless attacks — which lack the typical red flags of ordinary ransomware attacks and then use approved internal applications to grab malicious payloads — in addition to focusing on high-value device compromise (the CEO’s personal smartphone, for example) rather than large-scale enterprise networks.

Trend 2: Detection and Prevention

Crime-as-a-service saw substantial growth in 2017 as enterprising hackers packaged malicious code and sold it on the Dark Web for profit. This allowed even low-skill users to implement networkwide malware attacks while also encouraging the development of new malicious code bank as a secondary revenue stream. For 2018, research firm Gartner recommends that companies shift their focus away from protection and prevention — given the easy availability of hacking tools, it’s impossible for any IT security solutions to fully prevent attacks — and instead spend on detection and response efforts designed to catch attacks as they happen, and provide immediate response.

Trend 3: AI

Devices were hot targets in 2017 — routers, printers, cameras and smartphones became ground zero for new malware attacks. Expect this to continue through 2018, but also expect a commensurate rise in AI and machine learning development, both of which hold real promise for boosting cyber defenses. Emerging artificial intelligence tools offer the potential to eliminate false positives, quickly detect potential issues and immediately act to quarantine confirmed malware attacks.

Trend 4: Application Issues

2017 highlighted the role of application vulnerabilities: Both commonly used code and purpose-built tools were compromised by hackers looking to take control of critical operations or mine databases for consumer information. Gartner suggests that in 2018, IT security information teams must merge with DevOps deployments to address emerging app vulnerabilities as quickly as possible. While this shift doesn’t come cheap, the necessary links created between security and DevOps can help save money and mitigate overall risk.

Trend 5: Skilling Up

There’s a skills shortage underway. Companies struggled to fill IT security information teams in 2017, and the outlook for 2018 isn’t any better. Why? Because infosec pros are a valuable resource, and the increasing speed of threat development means that post-secondary institutions can’t produce new experts fast enough to meet demand. For businesses, this growing gap speaks to the need for third-party cooperation: Reputable information security advisers can help you design an infosec blueprint that includes a long-term strategic roadmap, short-term tactical plan and advice on how to turn security needs into an actionable business case for the C-suite.

IT security trends don’t exist in a vacuum. Concerns from 2017 have evolved for 2018, but remain top priorities — make sure you’re ready to meet these challenges head-on with a working knowledge of emerging IT trends and superior infosec support.